1 #include "sotauptaneclient.h"
8 #include "campaign/campaign.h"
9 #include "crypto/crypto.h"
10 #include "crypto/keymanager.h"
11 #include "initializer.h"
12 #include "logging/logging.h"
13 #include "uptane/exceptions.h"
15 #include "utilities/fault_injection.h"
16 #include "utilities/utils.h"
18 static void report_progress_cb(event::Channel *channel,
const Uptane::Target &target,
const std::string &description,
19 unsigned int progress) {
20 if (channel ==
nullptr) {
23 auto event = std::make_shared<event::DownloadProgressReport>(target, description, progress);
27 void SotaUptaneClient::addSecondary(
const std::shared_ptr<Uptane::SecondaryInterface> &sec) {
31 if (!storage->loadSecondaryInfo(serial, &info) || info.type ==
"" || info.pub_key.Type() == KeyType::kUnknown) {
33 info.hw_id = sec->getHwId();
34 info.type = sec->Type();
36 if (p.Type() != KeyType::kUnknown) {
39 storage->saveSecondaryInfo(info.serial, info.type, info.pub_key);
42 if (storage->loadEcuRegistered()) {
44 storage->loadEcuSerials(&serials);
46 if (std::find_if(serials.cbegin(), serials.cend(), secondary_comp) == serials.cend()) {
47 throw std::logic_error(
"Add new secondaries for provisioned device is not implemented yet");
51 const auto map_it = secondaries.find(serial);
52 if (map_it != secondaries.end()) {
53 throw std::runtime_error(std::string(
"Multiple secondaries found with the same serial: ") + serial.ToString());
56 secondaries.emplace(serial, sec);
59 bool SotaUptaneClient::isInstalledOnPrimary(
const Uptane::Target &target) {
60 if (target.ecus().find(primaryEcuSerial()) != target.ecus().end()) {
61 return target.MatchTarget(package_manager_->getCurrent());
66 std::vector<Uptane::Target> SotaUptaneClient::findForEcu(
const std::vector<Uptane::Target> &targets,
68 std::vector<Uptane::Target>
result;
69 for (
auto it = targets.begin(); it != targets.end(); ++it) {
70 if (it->ecus().find(ecu_id) != it->ecus().end()) {
78 LOG_INFO <<
"Installing package using " << package_manager_->name() <<
" package manager";
80 return package_manager_->install(target);
81 }
catch (std::exception &ex) {
86 void SotaUptaneClient::finalizeAfterReboot() {
89 if (!hasPendingUpdates()) {
90 LOG_DEBUG <<
"No pending updates, continuing with initialization";
94 LOG_INFO <<
"Checking for a pending update to apply for Primary ECU";
97 boost::optional<Uptane::Target> pending_target;
98 storage->loadInstalledVersions(primary_ecu_serial.ToString(),
nullptr, &pending_target);
100 if (!pending_target) {
101 LOG_ERROR <<
"No pending update for Primary ECU found, continuing with initialization";
105 LOG_INFO <<
"Pending update for Primary ECU was found, trying to apply it...";
109 if (install_res.result_code == data::ResultCode::Numeric::kNeedCompletion) {
110 LOG_INFO <<
"Pending update for Primary ECU was not applied because reboot was not detected, "
111 "continuing with initialization";
115 storage->saveEcuInstallationResult(primary_ecu_serial, install_res);
117 const std::string correlation_id = pending_target->correlation_id();
118 if (install_res.success) {
119 storage->saveInstalledVersion(primary_ecu_serial.ToString(), *pending_target, InstalledVersionUpdateMode::kCurrent);
121 report_queue->enqueue(std_::make_unique<EcuInstallationCompletedReport>(primary_ecu_serial, correlation_id,
true));
124 storage->saveInstalledVersion(primary_ecu_serial.ToString(), *pending_target, InstalledVersionUpdateMode::kNone);
125 report_queue->enqueue(std_::make_unique<EcuInstallationCompletedReport>(primary_ecu_serial, correlation_id,
false));
128 director_repo.dropTargets(*storage);
131 std::string raw_report;
132 computeDeviceInstallationResult(&ir, &raw_report);
133 storage->storeDeviceInstallationResult(ir, raw_report, correlation_id);
149 storage->saveInstalledVersion(ecu_serial.ToString(), target, InstalledVersionUpdateMode::kNone);
151 result = PackageInstall(target);
152 if (
result.result_code.num_code == data::ResultCode::Numeric::kOk) {
154 storage->saveInstalledVersion(ecu_serial.ToString(), target, InstalledVersionUpdateMode::kCurrent);
155 }
else if (
result.result_code.num_code == data::ResultCode::Numeric::kNeedCompletion) {
157 storage->saveInstalledVersion(ecu_serial.ToString(), target, InstalledVersionUpdateMode::kPending);
159 storage->saveEcuInstallationResult(ecu_serial,
result);
163 void SotaUptaneClient::reportHwInfo() {
164 Json::Value hw_info = Utils::getHardwareInfo();
165 if (!hw_info.empty()) {
166 if (hw_info != last_hw_info_reported) {
167 if (http->put(config.tls.server +
"/system_info", hw_info).isOk()) {
168 last_hw_info_reported = hw_info;
172 LOG_WARNING <<
"Unable to fetch hardware information from host system.";
176 void SotaUptaneClient::reportInstalledPackages() {
177 http->put(config.tls.server +
"/core/installed", package_manager_->getInstalledPackages());
180 void SotaUptaneClient::reportNetworkInfo() {
182 LOG_DEBUG <<
"Reporting network information";
183 Json::Value network_info = Utils::getNetworkInfo();
184 if (network_info != last_network_info_reported) {
185 HttpResponse response = http->put(config.tls.server +
"/system_info/network", network_info);
186 if (response.isOk()) {
187 last_network_info_reported = network_info;
192 LOG_DEBUG <<
"Not reporting network information because telemetry is disabled";
196 void SotaUptaneClient::reportAktualizrConfiguration() {
197 if (!config.telemetry.report_config) {
198 LOG_DEBUG <<
"Not reporting network information because telemetry is disabled";
202 LOG_DEBUG <<
"Reporting libaktualizr configuration";
203 std::stringstream conf_ss;
204 config.writeToStream(conf_ss);
205 http->post(config.tls.server +
"/system_info/config",
"application/toml", conf_ss.str());
208 Json::Value SotaUptaneClient::AssembleManifest() {
209 Json::Value manifest;
211 manifest[
"primary_ecu_serial"] = primary_ecu_serial.ToString();
214 Json::Value version_manifest;
216 Json::Value primary_manifest = uptane_manifest->assembleManifest(package_manager_->getCurrent());
217 std::vector<std::pair<Uptane::EcuSerial, int64_t>> ecu_cnt;
218 std::string report_counter;
219 if (!storage->loadEcuReportCounter(&ecu_cnt) || (ecu_cnt.size() == 0)) {
220 LOG_ERROR <<
"No ECU version report counter, please check the database!";
223 report_counter = std::to_string(ecu_cnt[0].second + 1);
224 storage->saveEcuReportCounter(ecu_cnt[0].first, ecu_cnt[0].second + 1);
226 version_manifest[primary_ecu_serial.ToString()] = uptane_manifest->sign(primary_manifest, report_counter);
228 for (
auto it = secondaries.begin(); it != secondaries.end(); it++) {
232 bool from_cache =
false;
233 if (secmanifest == Json::Value()) {
236 if (storage->loadCachedEcuManifest(ecu_serial, &cached)) {
237 LOG_WARNING <<
"Could not reach secondary " << ecu_serial <<
", sending a cached version of its manifest";
238 secmanifest = Utils::parseJSON(cached);
241 LOG_ERROR <<
"Could not fetch a valid secondary manifest from cache";
245 if (secmanifest.verifySignature(it->second->getPublicKey())) {
246 version_manifest[ecu_serial.ToString()] = secmanifest;
248 storage->storeCachedEcuManifest(ecu_serial, Utils::jsonToCanonicalStr(secmanifest));
252 LOG_ERROR <<
"Secondary manifest is corrupted or not signed, or signature is invalid manifest: " << secmanifest;
255 manifest[
"ecu_version_manifests"] = version_manifest;
258 Json::Value installation_report;
261 std::string raw_report;
262 std::string correlation_id;
263 bool has_results = storage->loadDeviceInstallationResult(&dev_result, &raw_report, &correlation_id);
265 installation_report[
"result"] = dev_result.toJson();
266 installation_report[
"raw_report"] = raw_report;
267 installation_report[
"correlation_id"] = correlation_id;
268 installation_report[
"items"] = Json::arrayValue;
270 std::vector<std::pair<Uptane::EcuSerial, data::InstallationResult>> ecu_results;
271 storage->loadEcuInstallationResults(&ecu_results);
272 for (
const auto &r : ecu_results) {
277 item[
"ecu"] = serial.ToString();
278 item[
"result"] = res.toJson();
280 installation_report[
"items"].append(item);
283 manifest[
"installation_report"][
"content_type"] =
"application/vnd.com.here.otac.installationReport.v1";
284 manifest[
"installation_report"][
"report"] = installation_report;
286 LOG_DEBUG <<
"No installation result to report in manifest";
292 bool SotaUptaneClient::hasPendingUpdates()
const {
return storage->hasPendingInstall(); }
294 void SotaUptaneClient::initialize() {
295 LOG_DEBUG <<
"Checking if device is provisioned...";
296 auto keys = std::make_shared<KeyManager>(storage, config.keymanagerConfig());
297 Initializer initializer(config.provision, storage, http, *keys, secondaries);
299 if (!initializer.isSuccessful()) {
300 throw std::runtime_error(
"Fatal error during provisioning or ECU device registration.");
304 if (!storage->loadEcuSerials(&serials) || serials.size() == 0) {
305 throw std::runtime_error(
"Unable to load ECU serials after device registration.");
308 uptane_manifest = std::make_shared<Uptane::ManifestIssuer>(keys, serials[0].first);
309 primary_ecu_serial_ = serials[0].first;
310 primary_ecu_hw_id_ = serials[0].second;
311 LOG_INFO <<
"Primary ECU serial: " << primary_ecu_serial_ <<
" with hardware ID: " << primary_ecu_hw_id_;
315 std::string device_id;
316 if (!storage->loadDeviceId(&device_id)) {
317 throw std::runtime_error(
"Unable to load device ID after device registration.");
319 LOG_INFO <<
"Device ID: " << device_id;
320 LOG_INFO <<
"Device Gateway URL: " << config.tls.server;
324 std::string not_before;
325 std::string not_after;
326 keys->getCertInfo(&subject, &issuer, ¬_before, ¬_after);
327 LOG_INFO <<
"Certificate subject: " << subject;
328 LOG_INFO <<
"Certificate issuer: " << issuer;
329 LOG_INFO <<
"Certificate valid from: " << not_before <<
" until: " << not_after;
331 LOG_DEBUG <<
"... provisioned OK";
332 finalizeAfterReboot();
335 bool SotaUptaneClient::updateDirectorMeta() {
336 if (!director_repo.updateMeta(*storage, *uptane_fetcher)) {
337 last_exception = director_repo.getLastException();
343 bool SotaUptaneClient::updateImageMeta() {
344 if (!image_repo.updateMeta(*storage, *uptane_fetcher)) {
345 last_exception = image_repo.getLastException();
351 bool SotaUptaneClient::checkDirectorMetaOffline() {
352 if (!director_repo.checkMetaOffline(*storage)) {
353 last_exception = director_repo.getLastException();
359 bool SotaUptaneClient::checkImageMetaOffline() {
360 if (!image_repo.checkMetaOffline(*storage)) {
361 last_exception = image_repo.getLastException();
368 std::string *raw_installation_report)
const {
371 std::string raw_ir =
"Installation succesful";
374 std::vector<std::pair<Uptane::EcuSerial, data::InstallationResult>> ecu_results;
376 if (!storage->loadEcuInstallationResults(&ecu_results)) {
379 "Unable to get installation results from ecus");
380 raw_ir =
"Failed to load ECUs' installation result";
385 std::string result_code_err_str;
387 for (
const auto &r : ecu_results) {
388 auto ecu_serial = r.first;
389 auto installation_res = r.second;
391 auto hw_id = ecuHwId(ecu_serial);
396 "Unable to get installation results from ecus");
398 raw_ir =
"Couldn't find any ECU with the given serial: " + ecu_serial.ToString();
403 if (installation_res.needCompletion()) {
405 device_installation_result =
407 "ECU needs completion/finalization to be installed: " + ecu_serial.ToString());
408 raw_ir =
"ECU needs completion/finalization to be installed: " + ecu_serial.ToString();
415 if (!installation_res.isSuccess()) {
416 std::string ecu_code_str = (*hw_id).ToString() +
":" + installation_res.result_code.toString();
417 result_code_err_str += (result_code_err_str !=
"" ?
"|" :
"") + ecu_code_str;
421 if (!result_code_err_str.empty()) {
423 device_installation_result =
425 "Installation failed on at least one of ECUs");
426 raw_ir =
"Installation failed on at least one of ECUs";
434 *
result = device_installation_result;
437 if (raw_installation_report !=
nullptr) {
438 *raw_installation_report = raw_ir;
442 bool SotaUptaneClient::getNewTargets(std::vector<Uptane::Target> *new_targets,
unsigned int *ecus_count) {
443 std::vector<Uptane::Target> targets = director_repo.getTargets().targets;
445 if (ecus_count !=
nullptr) {
450 for (
const auto &ecu : target.ecus()) {
458 auto hw_id_known = ecuHwId(ecu_serial);
460 LOG_ERROR <<
"Unknown ECU ID in Director Targets metadata: " << ecu_serial.ToString();
465 if (*hw_id_known != hw_id) {
466 LOG_ERROR <<
"Wrong hardware identifier for ECU " << ecu_serial.ToString();
471 boost::optional<Uptane::Target> current_version;
472 if (!storage->loadInstalledVersions(ecu_serial.ToString(), ¤t_version,
nullptr)) {
473 LOG_WARNING <<
"Could not load currently installed version for ECU ID: " << ecu_serial.ToString();
477 if (!current_version) {
478 LOG_WARNING <<
"Current version for ECU ID: " << ecu_serial.ToString() <<
" is unknown";
480 }
else if (current_version->filename() != target.filename()) {
484 if (primary_ecu_serial == ecu_serial) {
486 (config.pacman.type == PACKAGE_MANAGER_OSTREE || config.pacman.type == PACKAGE_MANAGER_OSTREEDOCKERAPP)) {
487 LOG_ERROR <<
"Cannot install a non-OSTree package on an OSTree system";
493 if (is_new && ecus_count !=
nullptr) {
499 new_targets->push_back(target);
505 std::unique_ptr<Uptane::Target> SotaUptaneClient::findTargetHelper(
const Uptane::Targets &cur_targets,
507 const int level,
const bool terminating,
508 const bool offline) {
510 const auto it = std::find_if(cur_targets.targets.cbegin(), cur_targets.targets.cend(), target_comp);
511 if (it != cur_targets.targets.cend()) {
512 return std_::make_unique<Uptane::Target>(*it);
515 if (terminating || level >= Uptane::kDelegationsMaxDepth) {
516 return std::unique_ptr<Uptane::Target>(
nullptr);
519 for (
const auto &delegate_name : cur_targets.delegated_role_names_) {
520 Uptane::Role delegate_role = Uptane::Role::Delegation(delegate_name);
521 auto patterns = cur_targets.paths_for_role_.find(delegate_role);
522 if (patterns == cur_targets.paths_for_role_.end()) {
527 for (
const auto &pattern : patterns->second) {
528 if (fnmatch(pattern.c_str(), queried_target.filename().c_str(), 0) == 0) {
540 Uptane::getTrustedDelegation(delegate_role, cur_targets, image_repo, *storage, *uptane_fetcher, offline);
541 if (delegation.isExpired(TimeStamp::Now())) {
545 auto is_terminating = cur_targets.terminating_role_.find(delegate_role);
546 if (is_terminating == cur_targets.terminating_role_.end()) {
550 auto found_target = findTargetHelper(delegation, queried_target, level + 1, is_terminating->second, offline);
551 if (found_target !=
nullptr) {
556 return std::unique_ptr<Uptane::Target>(
nullptr);
559 std::unique_ptr<Uptane::Target> SotaUptaneClient::findTargetInDelegationTree(
const Uptane::Target &target,
560 const bool offline) {
561 auto toplevel_targets = image_repo.getTargets();
562 if (toplevel_targets ==
nullptr) {
563 return std::unique_ptr<Uptane::Target>(
nullptr);
566 return findTargetHelper(*toplevel_targets, target, 0,
false, offline);
569 result::Download SotaUptaneClient::downloadImages(
const std::vector<Uptane::Target> &targets,
573 std::lock_guard<std::mutex> guard(download_mutex);
575 std::vector<Uptane::Target> downloaded_targets;
578 if (update_status != result::UpdateStatus::kUpdatesAvailable) {
579 if (update_status == result::UpdateStatus::kNoUpdatesAvailable) {
583 result::Download(downloaded_targets, result::DownloadStatus::kError,
"Error rechecking stored metadata.");
584 storeInstallationFailure(
587 sendEvent<event::AllDownloadsComplete>(
result);
591 for (
const auto &target : targets) {
592 auto res = downloadImage(target, token);
594 downloaded_targets.push_back(res.second);
598 if (targets.size() == downloaded_targets.size()) {
601 if (downloaded_targets.size() == 0) {
602 LOG_ERROR <<
"0 of " << targets.size() <<
" targets were successfully downloaded.";
603 result =
result::Download(downloaded_targets, result::DownloadStatus::kError,
"Each target download has failed");
605 LOG_ERROR <<
"Only " << downloaded_targets.size() <<
" of " << targets.size() <<
" were successfully downloaded.";
608 storeInstallationFailure(
612 sendEvent<event::AllDownloadsComplete>(
result);
616 void SotaUptaneClient::reportPause() {
617 const std::string &correlation_id = director_repo.getCorrelationId();
618 report_queue->enqueue(std_::make_unique<DevicePausedReport>(correlation_id));
621 void SotaUptaneClient::reportResume() {
622 const std::string &correlation_id = director_repo.getCorrelationId();
623 report_queue->enqueue(std_::make_unique<DeviceResumedReport>(correlation_id));
626 std::pair<bool, Uptane::Target> SotaUptaneClient::downloadImage(
const Uptane::Target &target,
630 const std::string &correlation_id = director_repo.getCorrelationId();
632 for (
const auto &ecu : target.ecus()) {
633 report_queue->enqueue(std_::make_unique<EcuDownloadStartedReport>(ecu.first, correlation_id));
636 KeyManager keys(storage, config.keymanagerConfig());
638 auto prog_cb = [
this](
const Uptane::Target &t,
const std::string &description,
unsigned int progress) {
639 report_progress_cb(events_channel.get(), t, description, progress);
642 bool success =
false;
645 if (target.IsForEcu(primary_ecu_serial) || !target.
IsOstree()) {
647 const int max_tries = 3;
649 std::chrono::milliseconds wait(500);
651 for (; tries < max_tries; tries++) {
652 success = package_manager_->fetchTarget(target, *uptane_fetcher, keys, prog_cb, token);
655 if (success || (token !=
nullptr && !token->
canContinue(
false))) {
657 }
else if (tries < max_tries - 1) {
658 std::this_thread::sleep_for(wait);
663 LOG_ERROR <<
"Download unsuccessful after " << tries <<
" attempts.";
672 for (
const auto &ecu : target.ecus()) {
673 report_queue->enqueue(std_::make_unique<EcuDownloadCompletedReport>(ecu.first, correlation_id, success));
676 sendEvent<event::DownloadTargetComplete>(target, success);
677 return {success, target};
680 bool SotaUptaneClient::uptaneIteration(std::vector<Uptane::Target> *targets,
unsigned int *ecus_count) {
681 if (!updateDirectorMeta()) {
682 LOG_ERROR <<
"Failed to update Director metadata: " << last_exception.what();
685 std::vector<Uptane::Target> tmp_targets;
687 if (!getNewTargets(&tmp_targets, &ecus)) {
688 LOG_ERROR <<
"Inconsistency between Director metadata and discovered ECUs";
692 if (tmp_targets.empty()) {
693 if (targets !=
nullptr) {
694 *targets = std::move(tmp_targets);
696 if (ecus_count !=
nullptr) {
702 LOG_INFO <<
"New updates found in Director metadata. Checking Image repo metadata...";
704 if (!updateImageMeta()) {
705 LOG_ERROR <<
"Failed to update Image repo metadata: " << last_exception.what();
709 if (targets !=
nullptr) {
710 *targets = std::move(tmp_targets);
712 if (ecus_count !=
nullptr) {
718 bool SotaUptaneClient::uptaneOfflineIteration(std::vector<Uptane::Target> *targets,
unsigned int *ecus_count) {
719 if (!checkDirectorMetaOffline()) {
720 LOG_ERROR <<
"Failed to check Director metadata: " << last_exception.what();
723 std::vector<Uptane::Target> tmp_targets;
725 if (!getNewTargets(&tmp_targets, &ecus)) {
726 LOG_ERROR <<
"Inconsistency between Director metadata and existent ECUs";
730 if (tmp_targets.empty()) {
731 *targets = std::move(tmp_targets);
732 if (ecus_count !=
nullptr) {
738 if (!checkImageMetaOffline()) {
739 LOG_ERROR <<
"Failed to check Image repo metadata: " << last_exception.what();
743 *targets = std::move(tmp_targets);
744 if (ecus_count !=
nullptr) {
750 void SotaUptaneClient::sendDeviceData() {
752 reportInstalledPackages();
754 reportAktualizrConfiguration();
756 sendEvent<event::SendDeviceDataComplete>();
764 if (hasPendingUpdates()) {
766 LOG_INFO <<
"The current update is pending. Check if pending ECUs has been already updated";
767 checkAndUpdatePendingSecondaries();
770 if (hasPendingUpdates()) {
773 LOG_INFO <<
"An update is pending. Skipping check for update until installation is complete.";
775 "There are pending updates, no new updates are checked");
779 if (!putManifestSimple()) {
780 LOG_ERROR <<
"Error sending manifest!";
783 sendEvent<event::UpdateCheckComplete>(
result);
791 std::vector<Uptane::Target> updates;
792 unsigned int ecus_count = 0;
793 if (!uptaneIteration(&updates, &ecus_count)) {
798 std::string director_targets;
799 storage->loadNonRoot(&director_targets, Uptane::RepositoryType::Director(), Uptane::Role::Targets());
801 if (updates.empty()) {
802 LOG_DEBUG <<
"No new updates found in Uptane metadata.";
804 result::UpdateCheck({}, 0, result::UpdateStatus::kNoUpdatesAvailable, Utils::parseJSON(director_targets),
"");
812 for (
auto &target : updates) {
813 auto image_target = findTargetInDelegationTree(target,
false);
814 if (image_target ==
nullptr) {
817 LOG_ERROR <<
"No matching target in Image repo Targets metadata for " << target;
820 storeInstallationFailure(
826 if (target.uri().empty() && !image_target->uri().empty()) {
827 target.setUri(image_target->uri());
832 Utils::parseJSON(director_targets),
"");
833 if (updates.size() == 1) {
834 LOG_INFO <<
"1 new update found in both Director and Image repo metadata.";
836 LOG_INFO << updates.size() <<
" new updates found in both Director and Image repo metadata.";
841 result::UpdateStatus SotaUptaneClient::checkUpdatesOffline(
const std::vector<Uptane::Target> &targets) {
842 if (hasPendingUpdates()) {
844 LOG_INFO <<
"An update is pending. Skipping stored metadata check until installation is complete.";
845 return result::UpdateStatus::kError;
848 if (targets.empty()) {
849 LOG_WARNING <<
"Requested targets vector is empty. Nothing to do.";
850 return result::UpdateStatus::kError;
853 std::vector<Uptane::Target> director_targets;
854 unsigned int ecus_count = 0;
855 if (!uptaneOfflineIteration(&director_targets, &ecus_count)) {
856 LOG_ERROR <<
"Invalid Uptane metadata in storage.";
857 return result::UpdateStatus::kError;
860 if (director_targets.empty()) {
861 LOG_ERROR <<
"No new updates found in Uptane metadata, but expected " << targets.size() <<
".";
862 return result::UpdateStatus::kNoUpdatesAvailable;
868 for (
const auto &target : targets) {
870 const auto it = std::find_if(director_targets.cbegin(), director_targets.cend(), target_comp);
871 if (it == director_targets.cend()) {
872 LOG_ERROR <<
"No matching target in Director Targets metadata for " << target;
873 return result::UpdateStatus::kError;
876 const auto image_target = findTargetInDelegationTree(target,
true);
877 if (image_target ==
nullptr) {
878 LOG_ERROR <<
"No matching target in Image repo Targets metadata for " << target;
879 return result::UpdateStatus::kError;
883 return result::UpdateStatus::kUpdatesAvailable;
886 result::Install SotaUptaneClient::uptaneInstall(
const std::vector<Uptane::Target> &updates) {
887 const std::string &correlation_id = director_repo.getCorrelationId();
890 storage->clearInstallationResults();
895 std::string raw_report;
896 bool drop_targets =
false;
898 std::tie(r, raw_report, drop_targets) = [
this, &updates,
899 &correlation_id]() -> std::tuple<result::Install, std::string, bool> {
905 if (update_status != result::UpdateStatus::kUpdatesAvailable) {
906 if (update_status == result::UpdateStatus::kNoUpdatesAvailable) {
911 return std::make_tuple(
result,
"Stored Uptane metadata is invalid",
false);
916 for (
const auto &update : updates) {
917 if (update.IsForEcu(primary_ecu_serial) || !update.IsOstree()) {
923 if (package_manager_->verifyTarget(update) != TargetStatus::kGood) {
925 return std::make_tuple(
result,
"Downloaded target is invalid",
false);
934 if (!waitSecondariesReachable(updates)) {
936 return std::make_tuple(
result,
"Secondaries were not available",
false);
940 std::vector<Uptane::Target> primary_updates = findForEcu(updates, primary_ecu_serial);
943 if (!sendMetadataToEcus(updates)) {
945 return std::make_tuple(
result,
"Secondary metadata verification failed",
true);
949 if (primary_updates.size() != 0u) {
952 primary_update.setCorrelationId(correlation_id);
954 report_queue->enqueue(std_::make_unique<EcuInstallationStartedReport>(primary_ecu_serial, correlation_id));
955 sendEvent<event::InstallStarted>(primary_ecu_serial);
958 if (!isInstalledOnPrimary(primary_update)) {
961 package_manager_->updateNotify();
962 install_res = PackageInstallSetResult(primary_update);
963 if (install_res.result_code.num_code == data::ResultCode::Numeric::kNeedCompletion) {
965 report_queue->enqueue(std_::make_unique<EcuInstallationAppliedReport>(primary_ecu_serial, correlation_id));
966 sendEvent<event::InstallTargetComplete>(primary_ecu_serial,
true);
967 }
else if (install_res.result_code.num_code == data::ResultCode::Numeric::kOk) {
968 storage->saveEcuInstallationResult(primary_ecu_serial, install_res);
969 report_queue->enqueue(
970 std_::make_unique<EcuInstallationCompletedReport>(primary_ecu_serial, correlation_id,
true));
971 sendEvent<event::InstallTargetComplete>(primary_ecu_serial,
true);
974 storage->saveEcuInstallationResult(primary_ecu_serial, install_res);
975 report_queue->enqueue(
976 std_::make_unique<EcuInstallationCompletedReport>(primary_ecu_serial, correlation_id,
false));
977 sendEvent<event::InstallTargetComplete>(primary_ecu_serial,
false);
982 storage->saveEcuInstallationResult(primary_ecu_serial, install_res);
984 report_queue->enqueue(
985 std_::make_unique<EcuInstallationCompletedReport>(primary_ecu_serial, correlation_id,
false));
986 sendEvent<event::InstallTargetComplete>(primary_ecu_serial,
false);
988 result.ecu_reports.emplace(
result.ecu_reports.begin(), primary_update, primary_ecu_serial, install_res);
990 LOG_INFO <<
"No update to install on primary";
993 auto sec_reports = sendImagesToEcus(updates);
994 result.ecu_reports.insert(
result.ecu_reports.end(), sec_reports.begin(), sec_reports.end());
996 computeDeviceInstallationResult(&
result.dev_report, &rr);
998 return std::make_tuple(
result, rr, !(
result.dev_report.isSuccess() ||
result.dev_report.needCompletion()));
1002 storage->storeDeviceInstallationResult(r.dev_report, raw_report, correlation_id);
1004 sendEvent<event::AllInstallsComplete>(r);
1007 director_repo.dropTargets(*storage);
1014 auto campaigns = campaign::Campaign::fetchAvailableCampaigns(*http, config.tls.server);
1015 for (
const auto &c : campaigns) {
1016 LOG_INFO <<
"Campaign: " << c.name;
1017 LOG_INFO <<
"Campaign id: " << c.id;
1018 LOG_INFO <<
"Campaign size: " << c.size;
1019 LOG_INFO <<
"CampaignAccept required: " << (c.autoAccept ?
"no" :
"yes");
1020 LOG_INFO <<
"Message: " << c.description;
1023 sendEvent<event::CampaignCheckComplete>(
result);
1027 void SotaUptaneClient::campaignAccept(
const std::string &campaign_id) {
1028 sendEvent<event::CampaignAcceptComplete>();
1029 report_queue->enqueue(std_::make_unique<CampaignAcceptedReport>(campaign_id));
1032 void SotaUptaneClient::campaignDecline(
const std::string &campaign_id) {
1033 sendEvent<event::CampaignDeclineComplete>();
1034 report_queue->enqueue(std_::make_unique<CampaignDeclinedReport>(campaign_id));
1037 void SotaUptaneClient::campaignPostpone(
const std::string &campaign_id) {
1038 sendEvent<event::CampaignPostponeComplete>();
1039 report_queue->enqueue(std_::make_unique<CampaignPostponedReport>(campaign_id));
1042 bool SotaUptaneClient::isInstallCompletionRequired()
const {
1043 std::vector<std::pair<Uptane::EcuSerial, Uptane::Hash>> pending_ecus;
1044 storage->getPendingEcus(&pending_ecus);
1045 bool pending_for_ecu = std::find_if(pending_ecus.begin(), pending_ecus.end(),
1046 [
this](
const std::pair<Uptane::EcuSerial, Uptane::Hash> &ecu) ->
bool {
1047 return ecu.first == primary_ecu_serial_;
1048 }) != pending_ecus.end();
1050 return pending_for_ecu && config.uptane.force_install_completion;
1053 void SotaUptaneClient::completeInstall()
const {
1054 if (isInstallCompletionRequired()) {
1055 package_manager_->completeInstall();
1059 bool SotaUptaneClient::putManifestSimple(
const Json::Value &custom) {
1061 if (hasPendingUpdates()) {
1064 LOG_DEBUG <<
"An update is pending. Skipping manifest upload until installation is complete.";
1068 static bool connected =
true;
1069 auto manifest = AssembleManifest();
1070 if (custom != Json::nullValue) {
1071 manifest[
"custom"] = custom;
1073 auto signed_manifest = uptane_manifest->sign(manifest);
1074 HttpResponse response = http->put(config.uptane.director_server +
"/manifest", signed_manifest);
1075 if (response.isOk()) {
1077 LOG_INFO <<
"Connectivity is restored.";
1080 storage->clearInstallationResults();
1086 LOG_WARNING <<
"Put manifest request failed: " << response.getStatusStr();
1090 bool SotaUptaneClient::putManifest(
const Json::Value &custom) {
1091 bool success = putManifestSimple(custom);
1092 sendEvent<event::PutManifestComplete>(success);
1097 void SotaUptaneClient::verifySecondaries() {
1098 storage->clearMisconfiguredEcus();
1100 if (!storage->loadEcuSerials(&serials) || serials.empty()) {
1101 LOG_ERROR <<
"No ECU serials found in storage!";
1105 std::vector<MisconfiguredEcu> misconfigured_ecus;
1106 std::vector<bool> found(serials.size(),
false);
1108 EcuSerials::const_iterator store_it;
1109 store_it = std::find_if(serials.cbegin(), serials.cend(), primary_comp);
1110 if (store_it == serials.cend()) {
1111 LOG_ERROR <<
"Primary ECU serial " << primaryEcuSerial() <<
" not found in storage!";
1114 found[static_cast<size_t>(std::distance(serials.cbegin(), store_it))] =
true;
1117 for (
auto it = secondaries.cbegin(); it != secondaries.cend(); ++it) {
1119 store_it = std::find_if(serials.cbegin(), serials.cend(), secondary_comp);
1120 if (store_it == serials.cend()) {
1121 LOG_ERROR <<
"Secondary ECU serial " << it->second->getSerial() <<
" (hardware ID " << it->second->getHwId()
1122 <<
") not found in storage!";
1123 misconfigured_ecus.emplace_back(it->second->getSerial(), it->second->getHwId(), EcuState::kNotRegistered);
1124 }
else if (found[static_cast<size_t>(std::distance(serials.cbegin(), store_it))]) {
1125 LOG_ERROR <<
"Secondary ECU serial " << it->second->getSerial() <<
" (hardware ID " << it->second->getHwId()
1126 <<
") has a duplicate entry in storage!";
1128 found[static_cast<size_t>(std::distance(serials.cbegin(), store_it))] =
true;
1132 std::vector<bool>::iterator found_it;
1133 for (found_it = found.begin(); found_it != found.end(); ++found_it) {
1135 auto not_registered = serials[static_cast<size_t>(std::distance(found.begin(), found_it))];
1136 LOG_WARNING <<
"ECU serial " << not_registered.first <<
" in storage was not reported to aktualizr!";
1137 misconfigured_ecus.emplace_back(not_registered.first, not_registered.second, EcuState::kOld);
1141 storage->storeMisconfiguredEcus(misconfigured_ecus);
1144 bool SotaUptaneClient::waitSecondariesReachable(
const std::vector<Uptane::Target> &updates) {
1145 std::map<Uptane::EcuSerial, Uptane::SecondaryInterface *> targeted_secondaries;
1147 for (
const auto &t : updates) {
1148 for (
const auto &ecu : t.ecus()) {
1149 if (ecu.first == primary_ecu_serial) {
1152 auto f = secondaries.find(ecu.first);
1153 if (f == secondaries.end()) {
1154 LOG_ERROR <<
"Target " << t <<
" has unknown ECU ID";
1158 targeted_secondaries[ecu.first] = f->second.get();
1162 if (targeted_secondaries.empty()) {
1166 LOG_INFO <<
"Waiting for secondaries to connect to start installation...";
1168 auto deadline = std::chrono::system_clock::now() + std::chrono::seconds(config.uptane.secondary_preinstall_wait_sec);
1169 while (std::chrono::system_clock::now() <= deadline) {
1170 if (targeted_secondaries.empty()) {
1174 for (
auto sec_it = targeted_secondaries.begin(); sec_it != targeted_secondaries.end();) {
1175 if (sec_it->second->ping()) {
1176 sec_it = targeted_secondaries.erase(sec_it);
1181 std::this_thread::sleep_for(std::chrono::seconds(1));
1184 LOG_ERROR <<
"Secondaries did not connect: ";
1186 for (
const auto &sec : targeted_secondaries) {
1187 LOG_ERROR << sec.second->getSerial();
1196 const std::string &correlation_id = director_repo.getCorrelationId();
1197 storage->storeDeviceInstallationResult(
result,
"", correlation_id);
1199 director_repo.dropTargets(*storage);
1203 std::string latest_root;
1205 if (!storage->loadLatestRoot(&latest_root, repo)) {
1206 LOG_ERROR <<
"No Root metadata to send";
1210 int last_root_version = Uptane::extractVersionUntrusted(latest_root);
1212 int sec_root_version = secondary.getRootVersion((repo == Uptane::RepositoryType::Director()));
1213 if (sec_root_version >= 0) {
1214 for (
int v = sec_root_version + 1; v <= last_root_version; v++) {
1217 LOG_WARNING <<
"Couldn't find Root metadata in the storage, trying remote repo";
1218 if (!uptane_fetcher->fetchRole(&root, Uptane::kMaxRootSize, repo, Uptane::Role::Root(),
Uptane::Version(v))) {
1220 LOG_ERROR <<
"Root metadata could not be fetched, skipping to the next secondary";
1224 if (!secondary.putRoot(root, repo == Uptane::RepositoryType::Director())) {
1225 LOG_ERROR <<
"Sending metadata to " << secondary.getSerial() <<
" failed";
1232 bool SotaUptaneClient::sendMetadataToEcus(
const std::vector<Uptane::Target> &targets) {
1234 if (!storage->loadLatestRoot(&meta.director_root, Uptane::RepositoryType::Director())) {
1235 LOG_ERROR <<
"No Director Root metadata to send";
1238 if (!storage->loadNonRoot(&meta.director_targets, Uptane::RepositoryType::Director(), Uptane::Role::Targets())) {
1239 LOG_ERROR <<
"No Director Targets metadata to send";
1242 if (!storage->loadLatestRoot(&meta.image_root, Uptane::RepositoryType::Image())) {
1243 LOG_ERROR <<
"No Image repo Root metadata to send";
1246 if (!storage->loadNonRoot(&meta.image_timestamp, Uptane::RepositoryType::Image(), Uptane::Role::Timestamp())) {
1247 LOG_ERROR <<
"No Image repo Timestamp metadata to send";
1250 if (!storage->loadNonRoot(&meta.image_snapshot, Uptane::RepositoryType::Image(), Uptane::Role::Snapshot())) {
1251 LOG_ERROR <<
"No Image repo Snapshot metadata to send";
1254 if (!storage->loadNonRoot(&meta.image_targets, Uptane::RepositoryType::Image(), Uptane::Role::Targets())) {
1255 LOG_ERROR <<
"No Image repo Targets metadata to send";
1259 bool put_meta_succeed =
true;
1260 for (
const auto &target : targets) {
1261 for (
const auto &ecu : target.ecus()) {
1263 auto sec = secondaries.find(ecu_serial);
1264 if (sec == secondaries.end()) {
1269 rotateSecondaryRoot(Uptane::RepositoryType::Director(), *(sec->second));
1270 rotateSecondaryRoot(Uptane::RepositoryType::Image(), *(sec->second));
1271 if (!sec->second->putMetadata(meta)) {
1272 LOG_ERROR <<
"Sending metadata to " << sec->first <<
" failed";
1273 put_meta_succeed =
false;
1278 return put_meta_succeed;
1283 auto f = [
this, &secondary, target]() {
1284 const std::string &correlation_id = director_repo.getCorrelationId();
1286 sendEvent<event::InstallStarted>(secondary.getSerial());
1287 report_queue->enqueue(std_::make_unique<EcuInstallationStartedReport>(secondary.getSerial(), correlation_id));
1289 std::string data_to_send;
1290 bool send_firmware_result =
false;
1294 data_to_send = secondaryTreehubCredentials();
1296 std::stringstream sstr;
1297 sstr << *storage->openTargetFile(target);
1298 data_to_send = sstr.str();
1301 if (!data_to_send.empty()) {
1302 send_firmware_result = secondary.sendFirmware(data_to_send);
1308 if (send_firmware_result) {
1309 result = secondary.install(target.filename());
1312 if (
result == data::ResultCode::Numeric::kNeedCompletion) {
1313 report_queue->enqueue(std_::make_unique<EcuInstallationAppliedReport>(secondary.getSerial(), correlation_id));
1315 report_queue->enqueue(std_::make_unique<EcuInstallationCompletedReport>(
1316 secondary.getSerial(), correlation_id,
result == data::ResultCode::Numeric::kOk));
1319 sendEvent<event::InstallTargetComplete>(secondary.getSerial(),
result == data::ResultCode::Numeric::kOk);
1323 return std::async(std::launch::async, f);
1326 std::vector<result::Install::EcuReport> SotaUptaneClient::sendImagesToEcus(
const std::vector<Uptane::Target> &targets) {
1327 std::vector<result::Install::EcuReport> reports;
1328 std::vector<std::pair<result::Install::EcuReport, std::future<data::ResultCode::Numeric>>> firmwareFutures;
1332 for (
auto targets_it = targets.cbegin(); targets_it != targets.cend(); ++targets_it) {
1333 for (
auto ecus_it = targets_it->ecus().cbegin(); ecus_it != targets_it->ecus().cend(); ++ecus_it) {
1336 if (primary_ecu_serial == ecu_serial) {
1340 auto f = secondaries.find(ecu_serial);
1341 if (f == secondaries.end()) {
1342 LOG_ERROR <<
"Target " << *targets_it <<
" has unknown ECU ID";
1349 sendFirmwareAsync(sec, *targets_it));
1353 for (
auto &f : firmwareFutures) {
1356 fut_result = f.second.get();
1359 if (fiu_fail((std::string(
"secondary_install_") + f.first.serial.ToString()).c_str()) != 0) {
1372 if (fut_result == data::ResultCode::Numeric::kOk || fut_result == data::ResultCode::Numeric::kNeedCompletion) {
1373 f.first.update.setCorrelationId(director_repo.getCorrelationId());
1374 auto update_mode = fut_result == data::ResultCode::Numeric::kOk ? InstalledVersionUpdateMode::kCurrent
1375 : InstalledVersionUpdateMode::kPending;
1376 storage->saveInstalledVersion(f.first.serial.ToString(), f.first.update, update_mode);
1379 storage->saveEcuInstallationResult(f.first.serial, f.first.install_res);
1380 reports.push_back(f.first);
1385 std::string SotaUptaneClient::secondaryTreehubCredentials()
const {
1386 if (config.tls.pkey_source != CryptoSource::kFile || config.tls.cert_source != CryptoSource::kFile ||
1387 config.tls.ca_source != CryptoSource::kFile) {
1388 LOG_ERROR <<
"Cannot send OSTree update to a secondary when not using file as credential sources";
1391 std::string ca, cert, pkey;
1392 if (!storage->loadTlsCreds(&ca, &cert, &pkey)) {
1393 LOG_ERROR <<
"Could not load TLS credentials from storage";
1397 std::string treehub_url = config.pacman.ostree_server;
1398 std::map<std::string, std::string> archive_map = {
1399 {
"ca.pem", ca}, {
"client.pem", cert}, {
"pkey.pem", pkey}, {
"server.url", treehub_url}};
1402 std::stringstream as;
1403 Utils::writeArchive(archive_map, as);
1406 }
catch (std::runtime_error &exc) {
1407 LOG_ERROR <<
"Could not create credentials archive: " << exc.what();
1416 void SotaUptaneClient::checkAndUpdatePendingSecondaries() {
1418 std::vector<std::pair<Uptane::EcuSerial, Uptane::Hash>> pending_ecus;
1419 storage->getPendingEcus(&pending_ecus);
1421 for (
const auto &pending_ecu : pending_ecus) {
1422 if (primaryEcuSerial() == pending_ecu.first) {
1425 auto &sec = secondaries[pending_ecu.first];
1426 const auto &manifest = sec->getManifest();
1427 if (manifest == Json::nullValue) {
1428 LOG_DEBUG <<
"Failed to get a manifest from Secondary: " << sec->getSerial();
1431 if (!manifest.verifySignature(sec->getPublicKey())) {
1432 LOG_ERROR <<
"Invalid signature of the manifest reported by secondary: "
1433 <<
" serial: " << pending_ecu.first <<
" manifest: " << manifest;
1437 auto current_ecu_hash = manifest.installedImageHash();
1438 if (pending_ecu.second == current_ecu_hash) {
1439 LOG_INFO <<
"The pending update " << current_ecu_hash <<
" has been installed on " << pending_ecu.first;
1440 boost::optional<Uptane::Target> pending_version;
1441 if (storage->loadInstalledVersions(pending_ecu.first.ToString(),
nullptr, &pending_version)) {
1442 storage->saveEcuInstallationResult(pending_ecu.first,
1445 storage->saveInstalledVersion(pending_ecu.first.ToString(), *pending_version,
1446 InstalledVersionUpdateMode::kCurrent);
1448 report_queue->enqueue(std_::make_unique<EcuInstallationCompletedReport>(
1449 pending_ecu.first, pending_version->correlation_id(),
true));
1452 std::string raw_report;
1453 computeDeviceInstallationResult(&ir, &raw_report);
1454 storage->storeDeviceInstallationResult(ir, raw_report, pending_version->correlation_id());
1460 boost::optional<Uptane::HardwareIdentifier> SotaUptaneClient::ecuHwId(
const Uptane::EcuSerial &serial)
const {
1461 if (serial == primary_ecu_serial_ || serial.ToString().empty()) {
1462 if (primary_ecu_hw_id_ == Uptane::HardwareIdentifier::Unknown()) {
1465 return primary_ecu_hw_id_;
1468 const auto it = secondaries.find(serial);
1469 if (it != secondaries.end()) {
1470 return it->second->getHwId();
